Mobile ad fraudsters have evolved, so why hasn't detection?

A recent study by Iotech Global, a media buying platform, found fraud was a leading concern for almost 50% of mobile advertisers

Now that apps are where the money is at for advertisers, it is time to talk about the elephant in the room - mobile ad fraud.

Indeed, a new, more sophisticated wave of duplicitous behaviour on mobile has once again thrust the issue into the spotlight, prompting a shakeout in adland.

According to a recent research study from Juniper Research, advertisers will lose an estimated $19bn to online ad fraud in 2018, or $51m per day. What is worse is these transgressions have successfully permeated mobile app advertising, too – once considered a relatively clean space – and costing advertisers some $2.5bn a year.

Fortunately, agencies and advertisers alike are waking up to unscrupulous practices amid high-profile lawsuits over claims of fraud and misattribution. In fact, a recent study by Iotech Global, a media buying platform, found fraud was a leading concern for almost 50% of mobile advertisers. In response, mobile marketing companies like Amobee in Singapore are starting to offer refunds to brands that encounter invalid traffic and bot fraud.

Mobile ad fraud is different

While these are important measures, it’s still very cursory. Mobile ad fraud is particularly challenging because existing desktop detection tools are not necessarily applicable to mobile – and, newer fraud tactics can easily circumvent older tracking methods.

Of the different fraud types, click spam, ad stacking and click injection can lead to wasted ad spend, skewed performance data and ultimately diverts budget from channels that genuinely perform well. The more sophisticated tactics like app install farms, bot driven installs, and compliance fraud are harder to combat because they mimic normal user behaviour to make the fake install look like it comes from genuine sources.

As such, we believe the onus is on all members of the supply chain to safeguard advertisers, and that means working with what you already know is good. This includes identifying what a good user looks like, and knowing what your KPIs are – because let’s face it, not all installs are equal; some hold more value for your business and your goals than others.

However, determining good users is only half the job. Today, we use robust fraud detection methods to block suspicious sources of traffic at the click and attribution levels. By leveraging statistical analysis of in app events, we can now detect fraudulent patterns in a way that helps prevent future fraud. For these we have strict policies in place to ensure advertisers don’t get charged.

Signs you’re simply paying for fraud

Fraud tactics are constantly evolving making it near impossible to stamp out fraud completely. There are however some signs to look for to see if fraud is present in your user acquisition campaigns so that you can limit its impact.

High number of conversions from one source: Hyper-engagement from one source typically means app farms/bots or ad stacking are at work. At first glance, they look like genuine installs because their behaviour mimics that of an actual user. It’s what happens after the install that gives it away, including low levels of engagement, mass uninstalls or any in-app events occurring on mass, and low value in-app purchases.

Traffic from outside your target area: If you are seeing traffic from outside your targeted area, or high volumes of traffic with obscured parameters, you can be sure compliance fraud is at play. Through this type of ad fraud, low-value, out of target traffic is disguised as premium traffic to attract higher payouts. Often, low conversion rates can be a symptom of this type of fraud.

Short and long click-to-install times: The Android operating system broadcasts to all apps on the same device that a new app is being downloaded. Fraudsters develop seemingly legitimate tools that use this broadcast to trigger clicks to the app store. The click will occur after the new app starts to download, but before it is opened, making it look like an actual conversion and stealing attribution.

Conversely, when installs from a single source appear to have no relationship to the click, it is likely that fraudsters are using click spam to steal attribution from another traffic source.

Suspicious post-install behaviour: Another big indication of ad fraud is if users don’t use your app or immediately uninstall it. However, this is somewhat tricky to determine because install farms can now mimic post-install behaviour. To combat this, it’s crucial to watch for patterns over time. Single source events that are happening in bulk require immediate investigation.

Monitoring for patterns in high volumes of traffic, as opposed to just on single campaigns, can help identify these tactics much sooner.

Today, smartphones are nearly ubiquitous, and as such advertising dollars are swiftly flowing to smaller screens. In Southeast Asia, eMarketer predicts that mobile ad spend will account for nearly 70% of ad expenditure by 2021. As ad spend continues to swell, it’s important to set aggressive standards to meet the challenge and stop fraudsters in their tracks. It will also need to be flexible enough to evolve as the threat does. This is going to take some time and effort – but it’s well worth the investment.